Method and system for conducting secure payments over a computer network

ABSTRACT

A method is provided for conducting a financial transaction by a purchaser with a merchant having an acquirer bank, over a communications network. The method includes the steps of sending a first authorization request using a pseudo account number associated with a real account number to a service provider which forwards a second authorization request to the issuer using the real account number and preferably a pseudo acquirer code associated with the service provider such that the response to the second request is based on the real account number and sent back to the service provider who preferably forwards a response to the first request preferably to the “real” acquirer. A message authentication code is further provided which includes transaction data, and where the authorization request is formatted as a standard payment card track having one or more fields including a discretionary field in which the message authentication code is placed.

RELATED APPLICATIONS

This application is a divisional of U.S. patent Ser. No. 09/833,049filed Apr. 11, 2001 which claims priority to U.S. provisionalapplication 60/195,963, filed on Apr. 11, 2000, and entitled “Method andSystem for Conducting Secure Payments Over A Computer Network,” which ishereby incorporated by reference, and to U.S. application Ser. No.09/809,367, filed Mar. 15, 2001, and entitled “Method and System forSecure Payments Over A Computer Network,” also incorporated byreference.

BACKGROUND OF INVENTION

This invention relates to a method and system for conducting securefinancial transactions over a communications network and moreparticularly to a method and system for transmitting payments securelyover a computer network, such as the Internet, and for transmittingsensitive information securely over public communication channels.

As is self-evident, on-line commerce has experienced tremendous growthover the last few years but even with that growth consumers are stilltroubled and concerned about using personal financial information andtransmitting such information, such as credit card numbers and personalidentification numbers, over public communications networks, such as theInternet. As a result, over the last few years, companies have struggledto find a way—the best way—to ensure the security of payments made overa computer network and to decrease the risk of theft or misuse offinancial information.

For example, U.S. Pat. No. 5,883,810 entitled “Electronic OnlineCommerce Card With Transaction Proxy Number For Online Transactions” andassigned to Microsoft Corporation, is directed to a system whichprovides for each transaction a temporary transaction number andassociates it with the permanent account number; the transaction numberlooks like a real credit card number and the customer uses thattransaction number and submits it to the merchant as a proxy for thecustomer account number. In this matter, the customer does not have totransmit over a public network his or her real credit card number.

In the '810 patent, the merchant passes along the transaction number tothe issuing institution, which in turn uses the transaction number as anindex, accesses the real customer account number and processes theauthorization, sending the authorization reply back to the merchantunder the transaction number. As a result, risk is purportedly minimizednot only because the customer only transmits a transaction number butalso because the proxy number is good only for a single purchase—theft“would not greatly benefit a thief because it cannot be repeatedly usedfor other purchases or transactions.” Col. 2, lines 60-61.

There is a need to improve upon the prior art systems and in particularthere is a need for a method and system for conducting a securefinancial transaction over the Internet which avoids requiring thecreation and transmission of a unique repeatedly generated transactionnumber to replace the transmission of the permanent account number foreach conducted transaction.

According to the invention of co-pending application Ser. No.09/809,367, filed Mar. 15, 2001, which is incorporated herein byreference, a “pseudo” account number is assigned to a customer andcryptographically linked to a consumer's payment account number. Thepayment account number is an account number issued by a financialinstitution or other organization that a consumer may use to make apayment for goods and/or services. For example, the payment accountnumber may be the account number from a payment card, such as a creditor debit card, or from a payment application, such as an electronic cashapplication stored on a consumer's computer. The pseudo account numberappears to be an actual payment account number to a merchant. That is,the pseudo account number has the same length as a valid payment accountnumber and begins with a valid identification number (e.g., a “5” forMasterCard International Incorporated (“MasterCard”)). The pseudoaccount number is used by the customer instead of the real accountnumber for all of his or her on-line financial transactions.

According to the invention of the co-pending application Ser. No.09/809,367, all transactions based on pseudo account numbers arepreferably cryptographically authenticated using a secret key that isunique for each account number. The authentication may be based on theprivate key of a public-key pair (“public-key authentication”), or basedon a secret key other than a private key (“secret-key authentication”).Thus, if unauthorized persons were to ascertain any pseudo accountnumbers, they would be unable to make fraudulent transactions usingthem.

This system can still be improved upon and security can be furtherenhanced to protect the messages and information being transmittedduring or in connection with a financial transaction being conductedover public communications lines.

SUMMARY OF INVENTION

According to the present invention, therefore, a method of conducting atransaction using a payment network is provided, in which a serviceprovider receives a first authorization request for the authorization ofa transaction using a first payment account number, wherein:

-   -   (i) the first payment account number has a BIN code associated        with the service provider, and is associated with a second        payment account number having a BIN code associated with an        issuer of said second number;    -   (ii) the first authorization request includes an acquirer code        associated with an acquirer; and    -   (iii) the first authorization request is routable through the        payment network to the service provider based on the BIN code of        the first payment account number.

The method further includes having the service provider respond to thefirst authorization request by transmitting a second authorizationrequest for authorization of the transaction using the second paymentaccount number, the second authorization request including an acquirercode associated with the service provider and being routable through thepayment network to the issuer based on the BIN code of the secondpayment account number.

Additionally, a response to the second authorization request is receivedby the service provider from the issuer, where the response includes theacquirer code associated with the service provider and is routablethrough the payment network based on that code. A response to the firstauthorization request is then transmitted by the service provider to theacquirer based on the response to the second authorization request, andthe response to the first authorization request preferably includes theacquirer code associated with the acquirer and is routable through thepayment network based on that code.

Another preferred embodiment of the invention includes a method ofconducting a transaction with a merchant using a first payment accountnumber that is associated with a second payment account number, wherethe method comprises: (a) generating a message authentication code basedon one or more transaction details; (b) transmitting at least the firstpayment account number and the message authentication code to themerchant; (c) requesting by the merchant an authorization for payment ofthe transaction using the first payment account number, the requestbeing formatted as if payment were tendered at a point-of-sale terminalwith a conventional magnetic-stripe payment card, the messageauthentication code being transmitted in a discretionary data fieldcontained in a track of the type used in the magnetic stripe of saidconventional payment card; (d) responding to the authorization requestfor the first payment account number by requesting an authorization forpayment of the transaction using the associated second payment accountnumber; and (e) accepting or declining the authorization request for thefirst payment account number based on the response to the authorizationrequest for the second payment account number and the messageauthentication code.

BRIEF DESCRIPTION OF THE DRAWINGS

Further objects, features and advantages of the invention will becomeapparent from the following detailed description taken in conjunctionwith the accompanying figures showing a preferred embodiment of theinvention, on which:

FIG. 1 is a block diagram of the system for obtaining a secure paymentapplication from a provider over the Internet in accordance with theinvention;

FIG. 2 is a flow diagram illustrating the flow of information between acardholder and a merchant when conducting a secure payment over theInternet using the present invention;

FIG. 3 is a flow diagram illustrating the flow of information between anacquirer, a service provider and an issuer, in accordance with thepresent invention;

FIG. 4 is a flow diagram illustrating the flow of information between anissuer, a service provider and an acquirer, in accordance with thepresent invention;

FIG. 5 is a flow diagram illustrating the flow of communication betweena merchant and an acquirer for purposes of settlement and clearing, inaccordance with the present invention;

Throughout the figures, the same reference numerals and characters,unless otherwise stated, are used to denote like features, elements,components or portions of the illustrated embodiment. Moreover, whilethe subject invention will now be described in detail with reference tothe figures, it is done so in connection with a preferred embodiment. Itis intended that changes and modifications can be made to the describedembodiment without departing from the true scope and spirit of thesubject invention as defined by the appended claims.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT Initialization of theSecure Payment Application

In accordance with a preferred embodiment of the invention, a serviceprovider issues, maintains and/or processes several components,including a secure payment application (“SPA”), of the secure paymentsystem to be conducted in accordance with the techniques of the presentinvention.

FIG. 1 illustrates first how a cardholder with a financial transactioncard may obtain a secure payment application from the service provider10 over the Internet, according to an exemplary embodiment of thepresent invention. It should initially be understood that a physicalcard is not necessary to utilize and obtain the benefits of theinvention, but that only an account number be issued to a holder (inthis case a cardholder) which identifies and links a user or participantto an account for purposes of conducting a financial transaction. Thecardholder may contact a web server associated with the service providerusing any appropriate device that may communicate over the Internet,such as a computer, cellular phone, or a personal digital assistant(PDA). For the purpose of simplicity in the following discussions, it isassumed that the cardholder uses a computer to communicate over theInternet.

As shown in FIG. 1, the service provider, for example MasterCardInternational Incorporated (or an agent of MasterCard), has in itscontrol one or more physically secure security modules 12, which offerphysical protection for the information stored inside the modules. Thesesecurity modules each contain one or more “derivation keys” that areused to create and re-create account-unique secret cryptographic keys,as explained below, which are provided within the secure paymentapplication.

First, in accordance with a preferred embodiment of the invention, thecardholder must obtain an SPA from the service provider. The preferablesteps for downloading and initializing the secure payment application(SPA) include:

-   -   1. The cardholder contacts the service provider's web site via        the Internet (either directly or through a hyperlink to the web        site through another web site, such as an issuer's web site.    -   2. The cardholder provides, under SSL encryption generally known        to those skilled in the art, (a) a payment card account        number, (b) a card expiration date, and (c) card authenticating        information. The card authenticating information may include,        for example, the card's CVC2 value, which refers to a three or        four digit value that is printed next to the signature panel of        some cards. This value is generated by the issuing bank using a        secret cryptographic key and can be verified using this same        key.    -   3. The service provider may confirm the legitimacy of the card        account number and the card expiration date by obtaining a zero        amount authorization from the issuer of the cardholder's payment        card. For instance, MasterCard may obtain this authorization        over its Banknet™ communications network.    -   4. The service provider may verify the CVC2 value if the issuer        of the cardholder's payment card has provided the service        provider with the cryptographic key(s) for verifying the CVC2        value.    -   5. The service provider may verify other card authenticating        information by sending such information to the issuer for        verification.    -   6. After the service provider (“SP”) has confirmed the        legitimacy of the cardholder-provided card data, the SP creates        or selects a pseudo account number and a secret key and embeds        these data elements into a secure payment software application        that is made available to the cardholder for download over the        Internet preferably under SSL encryption.

The pseudo account number has as its BIN a special BIN reserved forpseudo account numbers. The remainder of the pseudo account number is avalue that can be translated by the service provider via a table look-upprocess to the “real” account number.

Preferably, the assigned special service provider BIN may be one from aset of many such special BINs, where each BIN may correspond to aparticular country or region and/or to a particular product within acountry or region. Thus, the assigned special BIN may be the one thatcorresponds to the country and/or the product of the submitted “real”account number.

The secret key that the service provides preferably embeds in an SPA isunique for each card account number and is preferably derived within asecurity module using the card account number and a derivation key. Thisderivation key may itself be derived within the same or another securitymodule using a higher-level derivation key.

The cardholder may provide a password to the service provider prior todownloading the secure payment application or may select a password whenthe secure payment application is being installed on the cardholder'scomputer. If a password is provided or selected, the cardholder willthereafter be required to enter this password in order to activate thesecure payment application. The password selected by the cardholder maybe used to encrypt the secret key included in the SPA.

As would be recognized by those skilled in the art, the SPA may bedownloaded as part of a digital wallet application. In addition to theSPA, the digital wallet may store a cardholder's personal informationand other applications, such as a purse application.

Generating Card-Unique Secret Keys

The following steps may preferably be performed within a security module12 controlled by the service provider or one of its agents to obtain acard-unique secret key to be included in the secure payment application.The following steps assume that the cardholder's payment card has a16-digit account number and that the Data Encryption Algorithm (DEA)known to those skilled in the art, with a double-length key is used. TheDEA is a U.S. Government standard cryptographic algorithm that isdescribed in Federal Information Processing Standard (FIPS) 46-1, whichis incorporated herein by reference in its entirety. The DEA is alsodefined in the ANSI standard X9.32, which is also incorporated herein byreference in its entirety.

It is also assumed that the security module holds a secret high-levelkey called the derivation key that consists of 16 bytes and is used withmany or all card account numbers to cryptographically compute acard-unique secret key, called the Per-Card Key, given the cardholder's16-digit payment account number. The derivation key may be unique foreach country or for each special bank identification number or BIN.

Preferably, the steps are:

-   -   1. Considering the payment account number as 16        binary-coded-decimal digits of 4 bits each, DEA-encrypt these 64        bits using as the encryption key the left-most 8 bytes of the        16-byte Derivation Key.    -   2. DEA-decrypt the result of Step 1 using as the decryption key        the right-most 8 bytes of the 16-byte Derivation Key.    -   3. DEA-encrypt the result of Step 2 using as the encryption key        (again) the left-most 8 bytes of the 16-byte Derivation Key.    -   4. Use the result of Step 3 as the left-most 8 bytes of the        unique Per-Card Key.    -   5. DEA-encrypt the result of Step 3 using as the encryption key        the left-most 8 bytes of the 16-byte Derivation Key.    -   6. DEA-decrypt the result of Step 5 using as the decryption key        the right-most 8 bytes of the 16-byte Derivation Key.    -   7. DEA-encrypt the result of Step 6 using as the encryption key        (again) the left-most 8 bytes of the 16-byte Derivation Key.    -   8. Use the result of Step 7 as the right-most 8 bytes of the        16-byte unique Per-Card Key, and place this key in the secure        payment application in such a way that it will not be disclosed        during the normal operation of this application.

Communication Between Cardholder and Merchant

FIG. 2 illustrates the flow of information between the cardholder 14 andmerchant 16 when conducting a secure payment over the Internet accordingto an exemplary embodiment of the present invention.

Once the SPA has been installed on a cardholder's computer, thecardholder preferably uses the SPA for all Internet payments and the SPAprovides the cardholder's pseudo account number for all Internettransactions.

Once a cardholder has indicated a desire to conduct a transaction, it isdesirable (but not essential) that the merchant pass to the cardholder'scomputer the following data elements: (1) the acquirer BIN, (2) the MID(the merchant identifier as known to the acquirer), and (3) the date andtime (GMT or equivalent) of the transaction.

Preferably, the SPA uses its embedded, secret key to create a MessageAuthentication Code (MAC) relating to the transaction. For example, aMAC of approximately 8 decimal digits may be created on the followingdata elements:

-   -   1. A transaction sequence number stored in the cardholder's SPA        and incremented by the SPA whenever it generates a MAC. This        transaction sequence number may be, for example, six (6)        decimal-digits in length.    -   2. The acquirer BIN if received from the merchant, otherwise        zeros (which may be, for example, 6 decimal digits).    -   3. The MID if received from the merchant, otherwise zeros (which        may be, for example, 6 decimal digits).    -   4. Date and time, to the nearest hour or minute (in GMT), if        received from the merchant, otherwise zeros (which may be, for        example, 10 decimal digits).    -   5. The transaction amount, as displayed for the cardholder, and        as normally included in the message from cardholder to merchant        (which may be, for example, 8 decimal digits).

Preferably, a merchant is able to accept a full Track-1 image from thecardholder's computer, just as if the merchant were prepared tocommunicate with computers that include magnetic-stripe readers. (TheTrack-1 image refers to the data on track 1 of the magnetic stripe of apayment card.) Moreover, the merchant preferably is able to pass theTrack-1 data to the acquirer as if the transaction were a point-of-sale(POS) transaction.

If the merchant can accept the full Track-1 data, the MAC itself and thedata elements upon which the MAC is based are placed in the Track-1discretionary-data field. The pseudo account number is placed in theTrack-1 account-number field, and the card expiration date is placed inthe Track-1 expiration-date field.

By sending the MAC in the Track-1 discretionary-data field, manymerchants will not need to make any changes to their systems and/orsoftware because they can already handle POS transactions, which includeTrack-1 discretionary data. For other merchants, systems and/or softwareto handle POS transactions are readily available.

If a merchant cannot accept the full Track-1 data, the SPA may send aconventional SSL payment message, except that the pseudo account numberis used instead of the cardholder's “real” account number. The merchantthen sends the transaction data to the acquirer in the manner that itnormally does. In practice, during a transition period, the merchantsthat are not capable of handling POS transactions with Track-1 datamight not be required to receive and handle MACs.

Instead of being sent in the Track-1 discretionary-data field, the MACmay also be sent in another format, in which case merchants andacquirers may be required to change their systems and/or software tohandle this other format.

Upon receipt of the cardholder's transaction message, the merchantformats a conventional authorization request for the acquirer. For thosemerchants that are able to able to accept Track-1 data, thisauthorization request will be formatted exactly as if it originated froma POS terminal and will include the Track-1 data provided by thecardholder.

Should a merchant initiate multiple authorization/clearing transactionsfor a cardholder transaction, preferably only the first of thesetransactions will include the Track-1 data. The subsequent transactionswill include only the pseudo account number and expiration date and maybe considered mail-order-telephone-order transactions. This is true forall recurring payments and partial payments with multiple clearings.

Acquirer Handling of Authorization Request

FIG. 3 illustrates the communication between an acquirer 18, serviceprovider 10, and an issuer according to an exemplary embodiment of thepresent invention.

The presence of Track-1 data in an Internet transaction should notadversely impact those acquirers who receive transactions from Internetmerchants via conventional telephone lines, since such transactions willbe formatted identically to transactions from conventional point-of-saleterminals. However, acquirers who receive transactions via the Internet(and not conventional telephone) may need a “conversion box” that woulddeliver transactions without Track-1 data unchanged and would delivertransactions with Track-1 data over a different physical wire as if theyhad come from POS terminals. The design of such a conversion box is wellwithin the ability of a person of ordinary skill in the art.

When an acquirer 18 receives an authorization request message from anInternet merchant 16, it looks up the issuer BIN in its BIN table. Inthe case of a pseudo account number transaction, the “issuer” willcorrespond to a service provider-authorized processing facility 10,which will receive the request. In the case of a non-pseudo or realaccount number, normal processing will take place.

Some countries may have a special security-module-equipped facility thathandles domestic transactions. Each such domestic facility wouldpreferably be set up only with the service provider's approval and wouldhold only the cryptographic keys and account-number conversion data forthe country whose transactions it processes. In countries with such adomestic facility, all same-country transactions will be sent to thisfacility. This can also be done for individual banks in a country, if itis so desired.

A domestic facility to handle domestic transactions would be far moreefficient than causing domestic transactions to go through a centralprocessing facility.

Service Provider Handling of the Authorization Request

When the service provider receives the request, it determines from theissuer BIN whether the account number is really a pseudo account numberand, if so, sends the transaction to a special system for processing.This system translates the pseudo account number to the “real” accountnumber using a table-lookup procedure. If the system determines that aTrack-1 image is included, it uses a security module to derive theappropriate Per Card Key for this card account number in order to verifythe MAC. (The derivation of the Per Card Key is described above.)

If the MAC is verified, the system then examines the BIN in the Track-1discretionary-data area. If this is not all zeros, the system comparesthis BIN with the acquirer BIN of the transaction, and verifies that thedate and time included in the Track-1 discretionary-data area arereasonable (taking into consideration that the merchant may batch itstransactions and obtain delayed authorizations). The system alsoverifies that the authorization request amount does not exceed thetransaction amount in the Track-1 discretionary-data area (the amount asapproved by the cardholder) by more than a specified amount (e.g., 20%).

It is possible that an acquirer may include the MID in the AcquirerReference Data (which is also called the Acquirer Reference Number). Itis assumed that the 23-digit Acquirer Reference Data includes amandatory “transaction type” indicator and a mandatory acquirer BIN, butthat the remaining digits are for the acquirer's discretionary use andmay in some cases include the MID. The service provider may obtain fromits Internet acquirers an indication of which acquirers include the MIDin the Acquirer Reference Data, and if so, where in the AcquirerReference Data they include it. In the case of such an acquirer, if theTrack-1 image includes an acquirer BIN (rather than six zeros), theservice provider system may also verify that the MID in the Track-1discretionary-data area matches the MID in the Acquirer Reference Data.

The service provider system may store a history of transaction sequencenumbers (TSNs) for comparison with transaction sequence numbers inauthorization requests. The comparison may be triggered by somecondition, such as when the Track-1 amount exceeds some specifiedthreshold (e.g., $200). Such a threshold may be lower when the Track-1image does not include an acquirer BIN. When the comparison istriggered, the system may compare the transaction sequence numberincluded in the Track-1 discretionary-data area against the storedhistory of transaction sequence numbers for the relevant card accountnumber. If the transaction sequence number of the current transactionis 1) higher than the smallest stored value for the current accountnumber and 2) does not match any stored value for this account, there isa reasonable assurance that the current transaction is not thefraudulent replay of data from a previous legitimate transaction.

The stored history of TSNs may be limited to a predetermined number ofTSNs. For example, the system might store only the last 10 transactionsequence numbers received for a particular card account number. Inaddition, the verification of transaction sequence numbers need notoccur in real time. It may occur while the system is obtaining anauthorization from an issuer.

The purpose of these checks is to make it very difficult for wrongdoerswho operate in collusion with Internet merchants and who may be able toobtain unencrypted transaction data to fraudulently replay data fromlegitimate transactions.

Once the service provider system has completed the above-describedverification processes (with the possible exception of the transactionsequence number verification), the system formats an authorizationrequest message for the issuer 20. This message includes the “real”account number and expiration date, but excludes the other Track-1 data.The system replaces the acquirer BIN with one of the special BINs thatserves as a “pseudo” acquirer BIN. The acquirer BIN is replaced so thatthe issuer responds to the service provider instead of the acquirer.

In order for the acquirer and issuer to compute interchange feescorrectly, the pseudo acquirer BIN should preferably correspond to thecountry in which the acquirer is located or to another country or regionthat will provide the same resultant interchange fees. If each countryhas a special BIN associated with it, the service provider may replacethe acquirer BIN with the special BIN associated with the acquirer'scountry. If an acquirer's country does not have a special BIN associatedwith it, a special BIN associated with another country may be selectedthat results in the same interchange fees.

The service provider stores in a database the Acquirer Reference Datareceived in the authorization request from the acquirer (hereinafterreferred to as the “original Acquirer Reference Data”). In formatting anauthorization message for the issuer, the service provider preferablyreplaces the original Acquirer Reference Data with “pseudo” AcquirerReference Data that includes the pseudo acquirer BIN, an appropriatetransaction-type indicator, and an index value that the service providercan use to find the original Acquirer Reference Data.

When a domestic facility processes a pseudo-account-number transaction,it operates as described above. Preferably, however, this domesticfacility will process only transactions for domestic issuers, andtherefore will need only the cryptographic keys and account-numberconversion table entries that apply to that country.

Issuer Handling of Authorization Request

FIG. 4 illustrates the communication between the issuer 20, the serviceprovider 10, and an acquirer 18 according to an exemplary embodiment ofthe present invention after the issuer has received an authorizationrequest from the service provider or from an authorized domesticprocessing facility.

The issuer 20 authorizes the transaction just as it would any othertransaction. It sends the authorization response back to the “pseudo”acquirer BIN, which will be either a service provider facility or afacility authorized by a service provider.

When the service provider 10 receives an authorization response from anissuer, it examines the acquirer BIN to determine whether it is a“pseudo” acquirer BIN. If so, the service provider determines that theauthorization response corresponds to a pseudo account numbertransaction that must be “restored” to its original format. Thus, theservice provider translates the “real” account number back to the pseudoaccount number, and restores the Acquirer Reference Data that had beenin the original transaction. The service provider then transmits theresulting message to the “real” acquirer, which processes thetransaction normally and sends the authorization response to themerchant in the normal way. The merchant responds to the authorizationresponse as it would for any other transaction.

Settlement and Clearing

FIG. 5 illustrates the flow of communication between a merchant 16, anacquirer, service provider or payment processor, for example,MasterCard's Banknet, and an issuer for the purpose of settlement andclearing according to an exemplary embodiment of the present invention.

A clearing message is processed essentially in the same manner as anauthorization request message. As previously described, the acquirer 18(because of entries in its BIN table) automatically routes a clearingmessage using a pseudo account number preferably to the service provider10 or payment processor. At this facility, the pseudo account number isreplaced by the “real” account number, the acquirer BIN is replaced bythe “pseudo” acquirer BIN, and the remainder of the Acquirer ReferenceData is replaced by an index that the service provider can subsequentlyuse to obtain the original Acquirer Reference Data. The clearing messagewith these changes is transmitted to the “real” card issuer 20, whichprocesses the transaction in the normal way. If the acquirer happens toalso be the issuer, the service provider returns the cleared transactionto the acquirer with the real account number and proper feecalculations.

Exception Processing

When a message about a transaction must be transmitted back to theacquirer or merchant from an issuer, the message is processed by theissuer as it normally would process any transaction message. Since thetransaction as known to the issuer includes the “pseudo” acquirer BIN,the “pseudo” acquirer BIN will cause the transaction message to berouted to a service provider facility. At this facility the “real”account number is replaced by the pseudo account number, and the pseudoAcquirer Reference Data is replaced with the original Acquirer ReferenceData. The transaction message is then routed to the acquirer, whichprocesses it like any other such transaction message.

Issuance of Plastic Cards for Identification

In some situations, a cardholder may buy a ticket over the Internet andwill be required, upon showing up at the event to which the ticketgrants admission, to produce the card used in the transaction in orderto authenticate rightful possession of the ticket.

To accommodate such situations, the service provider may issue and mailphysical plastic cards to cardholders who obtain pseudo account numbersfor Internet use. These cards would clearly indicate “for identificationpurposes only, not valid for transactions” on them. The embossed andencoded account number would be the pseudo account number, though theCVC2 may be that of the “real” payment card.

As another alternative, those merchants that have a legitimate need toauthenticate a cardholder using a pseudo account number may registerwith the service provider (by providing to the service providerappropriate identification and authentication information), and themerchants will be provided with a secret key or certificate ascryptographic proof of their registration. Thereafter, such merchantsmay obtain “real” account numbers from a service provider facility byproviding a copy of the pseudo-account-number transaction details undercryptographic authentication that authenticates both the transactiondata and the merchants' right to obtain a “real” account number. Theservice provider may then forward the “real” account numbers inencrypted form to the merchants, so that the cardholders may beidentified with the cards corresponding to their “real” account numbers.

Advantageously, the present invention provides enhanced security for theuse of payment account numbers over the Internet.

The foregoing merely illustrates the principles of the invention. Itwill thus be appreciated that those skilled in the art will be able todevise numerous systems and methods which, although not explicitly shownor described herein, embody the principles of the invention and thuswithin the spirit and scope of the invention.

1. A method of conducting a transaction involving a merchant over anelectronic payment network, the method comprising: receiving datarelated to the transaction from the merchant; computing a messageauthentication code based on the data related to the transaction;placing the message authentication code in a portion of thediscretionary data field of a standard payment card magnetic stripetrack format to form a track image; and transmitting the track imageincluding the message authentication code, over the payment network,before or without first storing the message authentication code on amagnetic stripe of a payment card.
 2. The method of claim 1, whereincomputing a message authentication code results in binary data, furthercomprising truncating and converting the message authentication code todecimal digits.
 3. The method of claim 1, wherein computing a messageauthentication code is further based on a transaction sequence number.4. The method of claim 3, further comprising inserting at least aportion of the transaction sequence number in a portion of thediscretionary data field of the track image, and wherein transmittingthe track image further includes transmitting at least the portion ofthe transaction sequence number over the payment network.
 5. The methodof claim 4, further comprising inserting a payment account number in apayment account number field of the standard payment card magneticstripe track format image, wherein transmitting the track image furtherincludes transmitting the payment account number over the paymentnetwork.
 6. The method of claim 5, further comprising providing acard-unique secret key calculated using at least a derivation key andthe payment account number, wherein computing the message authenticationcode comprises applying the card-unique secret key to the transactionsequence number and the data related to the transaction to compute themessage authentication code.
 7. An apparatus for conducting atransaction involving a cardholder and merchant having a merchant deviceover an electronic payment network, the apparatus comprising: acardholder memory device containing at least a card-unique secret key; areceiver module capable of receiving data from the merchant devicerelated to the transaction; a message authentication code calculatorcoupled to the receiver module and the cardholder memory device forcalculating a message authentication code using at least the datarelated to the transaction received from the merchant device and thesecret key; a track image data formatter coupled to the messageauthentication code calculator for placing at least a portion of themessage authentication code in a portion of the discretionary data fieldof a track image data formatted as a standard payment card magneticstripe data track; a transmitter coupled to the track image dataformatter for transmitting the track image data formatted as a standardpayment card magnetic stripe data track to the merchant device forsubsequent transmission over the payment network before or without firststoring the message authentication code on a magnetic stripe of apayment card.
 8. The apparatus of claim 7, wherein the messageauthentication code calculator further includes a decimalization modulefor truncating and converting the message authentication code to ashortened decimal digit representation.
 9. The apparatus of claim 7,wherein the cardholder memory device additionally has a transactionsequence number, and wherein the message authentication code calculatoris further configured to compute the message authentication code basedon the transaction sequence number.
 10. The apparatus of claim 9,wherein the track image data formatter is further configured to insertat least a portion of the transaction sequence number in a portion ofthe discretionary data field of the track image data formatted as astandard payment card magnetic stripe data track.
 11. The apparatus ofclaim 10, wherein the cardholder memory device additionally stores apayment account number, and wherein the track image data formatter isfurther configured to insert the payment account number in a paymentaccount number field of the track image data formatted as a standardpayment card magnetic stripe data track.
 12. The apparatus of claim 10,wherein the message authentication code calculator is configured tocompute a message authentication code by applying the card-unique secretkey to the transaction sequence number and the data related to thetransaction.
 13. The apparatus of claim 7, further comprising aprocessor, wherein the message authentication code calculator and thetrack image data formatter are implemented within the processor.